Author Archives: codeboy

IOT Breaks the Mental Model

Our model of how we own stuff is becoming increasingly ‘wrong’.

A few years ago my wife and I were wine tasting and there was a pretty cool paper maché collage for sale in the winery. We bought it and it’s now hanging between the kitchen and the dining room.

Now here’s the interesting part. It doesn’t interact with the rest of the house, or God forbid, the rest of the world. It doesn’t communicate with the fridge or some 14 year old Romanian out to get credit card information. It just sits on the wall. There is no interesting ecosystem with which it interacts. It’s a lump on the wall.

Having your property – your possessions – not be a part of the external world is becoming rarer. There’s a lot of hype about security of the Internet of Things (IOT) but, apart from the (technical) security aspects, I think the bigger problem is how to think about your possessions being a part of larger thing.

The biggest issue is understanding that It Must Change. If the world changes, your possessions needs to adapt. A friend recently told me he hadn’t updated his iPhone for years. This is beyond insane.

Wired to Wireless Bridge in Fedora 22 with Firewalld

I’ve been banging my head against a wall trying to get this working and am writing it down in case I need to do it again and in case it helps someone else.

I have a host ‘A’ with wifi and a cat5 ethernet port. I have other hosts (actually, a set of  surveillance cameras) that are wired only. These cameras want to talk to the internet. Making that happen through the host ‘A’ wireless was the goal.

Enable Forwarding

This tells you how.

Enable DHCPD

My dhcpd.conf file is as as follows:

subnet netmask {
    option domain-name-servers,;
    option routers;
    option subnet-mask;

Note that I have google’s DNS servers in there. I would have preferred to forward the servers from the wired DHCP, but had trouble (as have others on the interweb.) You also need to bind your wired interface to (or whatever private IP space you choose) and I forgot what I did to do that, but it’s not hard.

Mess with firewalld

(Most of the posts on the internet say to abandon it and revert to iptables. That might be the right thing to do. Certainly firewalld is badly documented.) In any event, bring up the firewall GUI.

  • Put the wireless interface in the ‘trusted’ zone. (I tried ‘external’ zone, but I think there’s other things I would need to do to get that to work.)
  • Turn on ‘Masquerade’ for the ‘trusted’ zone. This needs to be ‘permanent’. See the drop down at the top. (It’s unclear whether this actually does anything; it doesn’t seem to do anything on it’s own.)

It’s arguably easier to do both of those at the command line.

This link gave me the two crucial commands I’d been missing.

  • sudo firewall-cmd –permanent –direct –passthrough ipv4 -I FORWARD -i enp1s0 -o wlp2s0 -j ACCEPT
  • sudo firewall-cmd –permanent –direct –passthrough ipv4 -t nat -I POSTROUTING -o wlp2s0 -j MASQUERADE

‘wlp2s0’ is my wireless interace; ‘enp1s0’ is my wired interface.

(If you use the ‘–permanent’ flag you get around the issue the link has of having to run the commands after firewalld starts.)

The Pain


This post provides information on how to make an Ralink wireless card on Linux work with an old Netgear router. It’s also a bit of a rant, so if you’re not into the details skip to the end.

So I’ve got some old hardware. A Compaq PC, heavily upgraded to 512MB RAM and running Ubuntu, but still well over a decade old. A Netgear WGT624 V3 router, which is pretty old, but not a decade ancient. And a pretty close to a decade old laser printer. They’re all in the second bedroom and most of the house runs off the wireless (two phones, three laptops, roku) but the PC is still wired via a long-ass CAT 5. The printer is connected to the PC, which acts as a print server. It’s all ancient, but the house can print so all is good.

Nearly two years ago, the wife asks me if I can get rid of the long-ass CAT 5 snaking through the second bedroom and I say “No problem.” Thusly, my journey to hell begins. I bop off to the local computer mart and purchase a PCI wireless card for $10-15 – making sure the box says it’s Linux compatible. I install it, boot the PC, and – nothing.

Now, I’m used to this. I’ve become increasingly impressed with Linux distros. Back in the day, you had to install them with a blow torch and Crazy-Glu, but no longer. Mint and Ubuntu have made me soft. I remember when getting video going on the simplest install meant hours poking in /etc. But, as I say: no longer. So I was pretty confident I could make this work.

The first weekend pretty much resulted in finding this post.

That was a big step forward. I’m in shock that I’m compiling drivers, but what-the-hey. However, still no connection. I give up for a month or so. The CAT 5 lives on.

So I get pissed off and decide to burn another weekend. I manage to connect to a nearby ‘open’ wifi connection. (It’s low strength and intermittent, so I can’t really use it ‘for realz’.) But it tells me that the problem is the combination of my wifi card and my router. All my other devices connect to my router fine. And my wifi card connects to the nearby open wifi fine. This is awkward.

Any normal person would at this point:

  • Buy a new network attached printer.
  • Buy another network card that actually works with Linux.
  • Buy a real PC that can connect wirelessly natively.

As an alternate tactic, I installed wireshark on one of the laptops and started analyzing wireless frames. This is crazy talk. I know next to nothing about networking and absolutely nothing about wireless networking. Nonetheless I figured out the router was not responding to an ‘Association Request’ frame, which resulted in this exchange.

Well. So much for that. A year and a half passes. The CAT 5 lives on.

We recently buy a new bed, which results in a bedroom swap and a requirement to have the PC move into a different bedroom from the router. So I can string CAT 5 through the two bedrooms and across the hall in front of the bathroom (i.e., get divorced), resort to one of the cop-outs above, or make the damn wireless card work.

Having said that, I’ve got another option. I’ve got a Windows 7 (Starter) netbook that I don’t really use so I decide to use that as a print server. I quickly find out that BillG has intentionally crippled it so I’m screwed. I look into installing something else on it (Jolicloud, apparently) but that looks as evil as what it would replace, so I’m back to square one.

I start reading the wireless driver source this morning and realize that the ‘Extended Capabilities’ section in the Association Request should only be sent in 802.11n, which I think I’ve disabled in the make settings (in the usual random attempts to get things to work.) However, after some poking, it turns out that ‘make clean’ doesn’t actually clean and leaves settings detritus around. I’m well on my way now.

A fresh install of the driver source code, turn off the 802.11n defines and I’m ready to roll! Except it won’t compile. The source seems to want 11n to be turned on. With much trepidation I start ‘ifdefing’ the source. An hour later and it compiles and – lord be praised – it works.

Nearly two years in and the network card and wireless printer sharing work.

So who should I blame for this abomination? Well, partly me. I could easily have bought newer hardware which would have almost certainly worked. Netgear? It certainly would be nice if their routers had some log level that wasn’t ‘fail silently’. Ralink? Absolutely! That’s the last thing I buy from them. I have to modify their drivers to get the card to connect to a standard (albeit somewhat old) router? Give me a break.


If you have an old router (802.11n incompatible) and want to connect from Linux via an Ralink card, read the hyperborea link above and apply the attached patch to the driver source. (Rename .xls to .patch. WordPress hates me.)

Good luck. It seems you’ll need it.

I’m Checking Stuff

I’m recently reading a lot of functions which look like checkFoo(). They always return void and I invariably have to read them to figure out what they do. They either test some state and possibly throw an exception or they fix up some internal state.

void checkTheWeather(); // throws if it's too cold to go out

void checkTheStove(); // turn the stove off if it's on

From the context above it’s clear what’s going on, but mostly I can’t tell. This naming seems preferable.

void validateGoodWeather(); // throws if it's too cold to go out

void turnOffStove(); // idempotent ftw